Geopolitical Risks Elevate Threats to Cyber-Physical Systems and OT Supply Chains
Claroty researchers have warned that global conflicts, civil unrest, and tariff wars are significantly increasing the risks facing cyber-physical systems, particularly those underpinning critical infrastructure and operational technology (OT). According to the Global State of CPS Security 2025 report, attackers are expected to exploit vulnerabilities introduced by disrupted supply chains, with predictions that at least one major cyber-physical breach will occur within the next year. The instability in sourcing, manufacturing, and delivery of hardware and software components—driven by geopolitical tensions—has forced organizations to rely on new or less-vetted vendors, heightening the risk of unknown vulnerabilities in OT, building management, and healthcare systems.
Experts emphasize that changes in supply chain geography and sourcing, often resulting from trade restrictions and sanctions, can undermine the integrity and security of critical systems. The report, based on a global survey of 1,100 cybersecurity professionals, highlights the urgent need for organizations to reassess their risk management strategies and strengthen supply chain security to mitigate the evolving threat landscape. The convergence of geopolitical instability and fragile supply chains is creating new opportunities for cyber adversaries to target essential infrastructure worldwide.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
Claroty publishes 2025 Global State of CPS Security report
Claroty released its 2025 Global State of CPS Security report, based on a survey of 1,100 cybersecurity professionals, warning that geopolitical conflict, civil unrest, and tariff disputes are increasing OT and CPS risk. The report says nearly half of organizations experienced breaches through third-party suppliers in the past year and urges stronger visibility, access control, governance, and vendor security requirements.
U.S. Secret Service dismantles telecom threat operation in New York
The U.S. Secret Service carried out an operation that dismantled a telecom-related threat in New York, highlighted as another significant cyber-physical security incident. It is cited alongside other examples showing the impact of threats against connected operational environments.
Russian operators compromise surveillance cameras in Ukraine
Russian threat activity included the compromise of surveillance cameras in Ukraine, cited as a notable example of cyber-physical systems being targeted during geopolitical conflict. The incident is referenced in Claroty's 2025 CPS security reporting as evidence of real-world OT/CPS risk escalation.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Escalating Threats to Critical Infrastructure from Geopolitical and Cyber Actors
Cybersecurity experts warn that attacks targeting critical infrastructure are expected to intensify, with a particular focus on operational technology (OT) systems. The evolving threat landscape is being shaped by geopolitical tensions, with state actors, criminal groups, and hacktivists increasingly seeking to cause physical disruption and damage, rather than merely stealing sensitive information. Experts highlight that hybrid warfare tactics are becoming more frequent, and the convergence of cyber and kinetic operations is reaching a critical inflection point for infrastructure security. Industry leaders and analysts predict that future attacks will closely follow geopolitical conflicts, making critical infrastructure a prime target in both cyber and physical domains. The discussions emphasize the need for organizations to reassess their risk management strategies and bolster defenses across multiple domains to address the growing sophistication and intent of adversaries targeting essential services and national assets.
Mar 21, 2026
Regulatory Uncertainty in OT Security Due to Third-Party Risk
Critical infrastructure providers are facing increased cybersecurity challenges stemming from third-party risks, which are driving regulatory uncertainty in the operational technology (OT) sector. According to a global survey by Claroty, 69% of cybersecurity professionals claim to closely follow existing cybersecurity standards, yet 76% anticipate that new regulations will force them to significantly overhaul their current security strategies. This disconnect highlights confusion and concern about the direction and impact of forthcoming regulatory requirements for cyber-physical systems. The survey, which included 1,100 cybersecurity professionals, revealed that nearly half of organizations with cyber-physical systems experienced breaches in the past year due to third-party access. Additionally, 54% of respondents reported finding security gaps or weaknesses in vendor contracts after an incident had occurred. These findings underscore the urgent need for improved third-party risk management and clearer regulatory guidance to protect critical infrastructure from evolving threats.
Mar 21, 2026
Expanding Cyber Risk Across Connected Assets and Supply Chains
Organizations are facing a rapidly evolving cyber risk landscape as the boundaries between IT, operational technology (OT), Internet of Things (IoT), and supply chain systems blur. The proliferation of connected devices, such as cameras, badge readers, HVAC systems, and factory controllers, has significantly increased the attack surface for enterprises. Business demands have driven the integration of IT, OT, and IoT, enabling telemetry to inform analytics and automation, but also concentrating dependencies on critical control planes like cloud consoles and APIs. This interconnectedness means that a single compromised identity provider, software updater, or remote management tool can serve as a single point of failure, potentially impacting thousands of endpoints and critical business processes. Security leaders emphasize the importance of maintaining a living inventory of assets, applying least privilege principles, and segmenting networks by function and criticality to mitigate these risks. Unknown or unmanaged devices should be treated as unsafe until proven otherwise, and where devices lack robust security features, organizations are advised to broker connections through secure gateways. The challenge is compounded by resource constraints and the long lifecycles of many IoT and OT devices, which often cannot be easily updated or replaced. The expansion of cyber risk also extends to the supply chain, where third-party vendors, contractors, and service providers can become entry points for attackers. Recent high-profile breaches have demonstrated that adversaries exploit trusted relationships to infiltrate organizations, with the fallout often affecting the victim company regardless of where the breach originated. This complexity is frequently invisible to the public and regulators, leading to reputational damage and loss of narrative control for affected organizations. Effective cyber readiness now requires extensive preparation, including scenario exercises, communication planning, and training to operate under pressure. The shift from endpoint-centric to control plane-centric risk management reflects the need to address the realities of modern, interconnected business environments. Organizations must adopt an "assume breach" mindset and focus on resilience and recovery planning, not just prevention. The evolving threat landscape demands that security strategies account for the full spectrum of connected assets and the intricate web of dependencies that define today's enterprises. As the definition of cyber risk continues to expand, so too must the approaches to visibility, segmentation, and incident response. Ultimately, the ability to manage and recover from cyber incidents hinges on preparation, visibility, and the recognition that every connected asset and relationship represents a potential risk vector.
Mar 21, 2026